feat: Bump claude-agent-sdk to 0.3.156 for Opus 4.8 thinking

[charlesvien]

Problem

Opus 4.8 was rejecting requests with HTTP 400 because the pre-0.3.156 SDK emitted the legacy thinking: { type: "enabled", budget_tokens: N } shape, which the new model only accepts as thinking: { type: "adaptive" } + output_config: { effort }.

Changes

1. Bump @anthropic-ai/claude-agent-sdk 0.3.154 → 0.3.156 (upstream v2.1.156 thinking-blocks fix)
2. Bump @anthropic-ai/sdk 0.100.0 → 0.100.1
3. Sync fork to claude-agent-acp v0.39.0 (commit 51a370e)
4. Document the Opus 4.8 fix in UPSTREAM.md
5. Regenerate pnpm-lock.yaml

How did you test this?

Manually

Automatic notifications

• Publish to changelog?
• Alert Sales and Marketing teams?

[charlesvien]

• feat: Bump claude-agent-sdk to 0.3.156 for Opus 4.8 thinking #2441 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[greptile-apps]

T-Rex Logs

What T-Rex did

• Verified the dependency bump for @anthropic-ai/claude-agent-sdk and @anthropic-ai/sdk is reflected in the root manifest and lockfile.
• Inspected the lockfile package and snapshot entries for the Claude agent SDK, Anthropic SDK, peer dependency triple, and native optional binary packages.
• Confirmed the native optional packages cover darwin, linux, linux musl, and win32 targets for both x64 and arm64.
• Checked the Claude adapter effort call sites referenced by the upstream sync note: options.effort and query.applyFlagSettings({ effortLevel }).
• Confirmed the workspace release-age exclusions include the bumped Anthropic packages and their native optional packages.
• Install-time verification could not be completed in the sandbox because the package manager was unavailable.
• Diffed HEAD~2..HEAD and confirmed PR touches only packages/agent/package.json, packages/agent/src/adapters/claude/UPSTREAM.md, and root pnpm-lock.yaml (plus incidental minipass transitive bumps).
• Inspected root pnpm-lock.yaml for @anthropic-ai/claude-agent-sdk@0.3.156 and @anthropic-ai/sdk@0.100.1 — package, snapshot, peer triple, and importer entries are internally consistent.
• Verified all eight native optional binaries are pinned to 0.3.156 in both packages and snapshots, with no missing platform.
• Checked peer ranges declared by 0.3.156 against packages/agent/package.json and confirmed they are satisfied.
• Confirmed pnpm-workspace.yaml minimumReleaseAgeExclude includes the SDK, every native subpackage, and @anthropic-ai/sdk, so the 7-day cooldown does not block 0.3.156.
• Grepbed the two referenced call sites and confirmed the public-surface APIs remained unchanged in 0.3.156.
• Web-searched the upstream claude-agent-sdk-typescript CHANGELOG / docs and confirmed applyFlagSettings is a documented public API and the Opus-4.8 thinking-blocks fix matches UPSTREAM.md.
• Noted the stale packages/agent/pnpm-lock.yaml reference is a pre-monorepo artifact and informational only, not a PR finding.
• Attempted pnpm install --offline --ignore-scripts from packages/agent, but blocked because pnpm is not installed in the sandbox and there is no network; install-time verification recorded as inconclusive.
• All evidence written to trex-artifacts/dep-bump-analysis.log.

Artifacts

Dependency bump verification log

• Shows that the dependency bump is reflected in the root manifest and lockfile and that related entries are consistent.

Static verification log: lockfile consistency, native-binary coverage, peer ranges, cooldown excludes, call-site audit, and install-time blocker.

• Provides static checks such as lockfile consistency, native-binary coverage across platforms, peer ranges, cooldown exclusions, call-site audits, and the install-time blocker status.

_{Ran code and verified through T-Rex}

_{Reviews (1): Last reviewed commit: "explain Opus 4.8 thinking-blocks fix in ..." | Re-trigger Greptile}

[stamphog]

Gates denied this PR because it modifies dependencies and the lock file (deps_toolchain deny-list match). Dependency bumps require human review to verify compatibility and security.